[svlug] how to allow a user to ftp but not login?
Joey Hess
joey at kitenet.net
Thu Jul 6 18:55:23 PDT 2000
Rick Moen wrote:
> > A program is "hopeless in the long term" iff it has a shoddy design.
>
> Which, as I did _not_ make clear in my ftp_daemons file, appears to be
> Mr. Daia's uncontested judgement, at least. If he is correct, then the
> current maintainers will have to do wholesale redesign and rewriting.
> You would be better qualified than I to say if such is the case.
I wouldn't characterize either of his complaints as being insurmountable
problems with the design. They were:
| It's one of the worst attempts I ever saw to achieve
| OO design in plain C. As usual with this approach, passing arguments
| to the "virtual" functions is awkward, and the code that actually does
| it is sloppy at best.
If the pseudo-OO-C coding style is a fatal design flaw, everybody had
better ditch GNOME. :-)
| As other people pointed out earlier, there are also sprintf()s all
| over the place (_some_ of which have been replaced with snprintf() in
| 1.2.0pre4), some strncpy() may leave unterminated strings, and path
| variables are copied to 256-bytes buffers (256 being a "magic number",
| not a #define), sometimes with strcpy().
Common C security pitfalls all, as I alluded in my earlier message. All
fixable by anyone with grep and a basic knowledge of C, too. I'd be
surprised if they were not fixed by now (all the sprintf's outside of
contrib/ are at least, according to grep).
I wouldn't characterize this as a design flaw anyway, just bad
implementation. Unfortunately, the percentage of people who can write secure
C code on the first pass seems to be somewhere near zero, which is why I
trust an audited and time tested C program over a shiny newfangled C
program most of the time when it comes to security.
--
see shy jo
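
The pitfalls named in the quoted complaint (strncpy() leaving a string unterminated, path buffers sized with a bare 256), shown as an added example that is not part of the original message or of the FTP daemon's code. PATH_BUF_LEN, strncpy_terminated() and copy_path() are hypothetical names, and the over-long path is constructed input.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF_LEN 256  /* named constant instead of a bare 256 (assumed name) */

/* Pitfall: strncpy() writes no terminating NUL when strlen(src) >= n.
 * Returns 1 if dst holds a NUL within its n bytes after the copy, else 0. */
int strncpy_terminated(char *dst, const char *src, size_t n)
{
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* Hardened copy: always terminates, and reports truncation so the caller
 * can reject an over-long path instead of silently using a shortened one.
 * Returns 0 on success, -1 if src did not fit (dst is then set to ""). */
int copy_path(char *dst, size_t dstlen, const char *src)
{
    int n;

    if (dstlen == 0)
        return -1;
    n = snprintf(dst, dstlen, "%s", src);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char longpath[PATH_BUF_LEN + 45];   /* constructed over-long input */
    char buf[PATH_BUF_LEN];

    memset(longpath, 'A', sizeof longpath - 1);
    longpath[sizeof longpath - 1] = '\0';

    printf("strncpy terminated: %d\n",
           strncpy_terminated(buf, longpath, sizeof buf));
    printf("copy_path long:     %d\n", copy_path(buf, sizeof buf, longpath));
    printf("copy_path short:    %d (%s)\n",
           copy_path(buf, sizeof buf, "/home/ftp/pub"), buf);
    return 0;
}
```

A grep for strcpy, sprintf and strncpy finds the call sites; each one then needs the destination size passed in and the truncation case handled, as copy_path() does.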